• Resolved talkiewalkie

    (@talkiewalkie)


    Hi,
    I received an email from you tonight talking about a vulnerability issue you discovered on your Woocommerce and Woocommerce blocks plugins. I only have Woocommerce installed on my site, which received an automatic update to version 5.5.1 to resolve this issue. I read in your email that Woocommerce blocks must also be updated to version 5.5.1 and I, not having installed it, didn’t have the problem to update it. I don’t understand why the Woocommerce blocks package appears in the Woocommerce status even if I haven’t installed it and it is updated to version 5.3.2.
    What should I do? I am very inexperienced and I don’t know what to do.

    Can you help me?
    Thank you in advance.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support Shaun Kuschel a11n

    (@shaunkuschel)

    Automattic Happiness Engineer

    Hey @talkiewalkie,

    Thanks for reaching out regarding this!

    The reason that the WooCommerce Blocks package shows in the Status Report is because the WooCommerce plugin contains most of the functionality from the WooCommerce Blocks plugin. If you take a look at the changelog for the WooCommerce plugin, you’ll see sections for WooCommerce Blocks (and WooCommerce Admin as well, which also has some functionality added to core WooCommerce).

    Most of the updates to the WooCommerce plugin increase the version of the Blocks package, so your site should be all set now, since it has been updated to WooCommerce version 5.5.1.

    If you have any other questions about this, let me know!

    Thread Starter talkiewalkie

    (@talkiewalkie)

    Hi, thank you first of all for the answer!
    The fact is that woocommerce has been automatically updated to version 5.5.1 but in the changelog woocommerce blocks still shows as version 5.3.2 (I have not installed the plugin). It seems that it updates to version 5.5.1 only if you install the latest version of the woocommerce blocks plugin (which I do not need though). What should I do? Do I leave everything as it is or is there a risk to the security of my site given the vulnerability found in the woocommerce plugins?

    Plugin Support Shaun Kuschel a11n

    (@shaunkuschel)

    Automattic Happiness Engineer

    Hey @talkiewalkie,

    Since your site is showing version 5.3.2 of the Blocks package (and version 5.5.1 of the WooCommerce plugin), you have the fix for the potential security issue deployed on your site, so you shouldn’t need to do anything further.

    In case you (or anyone else reading this thread) may not have seen the announcement post, below is a link (which mentions version 5.3.2 of the Blocks package as one of the ‘patched’ versions that contains the fix):

    https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/

    I updated Woo yesterday but only saw the email come through today. Unfortunately, I upgraded from 5.4.1 to 5.5.1. Is this okay or do I absolutely need to roll back and first upgrade to 5.4.2?

    Thread Starter talkiewalkie

    (@talkiewalkie)

    Hi @shaunkuschel,
    thank you for your reply!
    I hope no data has been stolen from my site. Will we receive any further communication updating us on this?

    Plugin Support con

    (@conschneider)

    Engineer

    Hi there,

    Unfortunately, I upgraded from 5.4.1 to 5.5.1. Is this okay or do I absolutely need to roll back and first upgrade to 5.4.2?

    That is ok if it did work for your site. You can stay on 5.5.1.

    Kind regards,

    Plugin Support con

    (@conschneider)

    Engineer

    Hi!

    I hope no data has been stolen from my site. Will we receive any further communication updating us on this?

    We believe this has been fully patched. We will of course let you know if that changes 🙂.

    Kind regards,

    Hello! Mine updated automatically and stopped working correctly. My customers cannot download the downloadable files that I send them when the email reaches them. What is the problem? It has been working really badly for 6 days!!!!

    Plugin Support Shaun Kuschel a11n

    (@shaunkuschel)

    Automattic Happiness Engineer

    Hey @yohana07,

    Sorry to hear about the problems that you’ve been experiencing since the update. Can you go ahead and create a new post of your own so we can investigate what is happening? Thanks!

    Hi @talkiewalkie

    We’ve not heard back from you in a while, so I’m marking this thread as resolved. If you have further questions, please feel free to open a new topic.

  • The topic ‘Woocommerce critical vulnerability’ is closed to new replies.